Nest: Confronts Smart Home Security

Over the past few weeks, Nest customers experienced a series of hacks including a highly publicized news story where a stranger started talking to a five-year-old boy through the Nest security camera that was mounted on the wall in his bedroom. Google insists that these problems are not the result of problems with their own security protocols or a compromise to their system, but the result of consumers using unsecure login credentials to manage their Nest account, including recycled passwords and default passwords. Since the uptick in camera hacks, Nest has warned customers to secure their accounts by applying stronger passwords and two-factor authentication. Nest has now taken more drastic measures to address the problem, locking users out of their accounts until they change their passwords.

Locking consumers out of their accounts not only means that they won’t have access to the features of the device that they have purchased, such as being able to view recordings, but they will not be provided with alerts and notifications from the devices, potentially leaving them even more vulnerable to security threats.

While device hacking is not very common, the consequences of a hack or other security breach can be very detrimental to a consumer, resulting in high security concerns. Only 5% of US broadband households have had hackers gain access to their devices, yet 41% are concerned about potential hacks.

The actions by Nest reiterate the point that both device manufacturers and consumers have a role to play in maintaining device and network security. By owning connected devices, consumers hold great responsibility. Consumers who opt out of protecting their devices not only put themselves at risk, but their actions can also lead to large scale disruption of services. This was the case with the Distributed Denial of Service (DDoS) attacks in 2016 that shut down Amazon, Paypal, Netflix, and other large online services.

On the other hand, device manufacturers must be more proactive about obtaining consumer participation in managing device security:

Device security measures must be a mandatory part of the customer onboarding process. Measures like creating complex password for devices access should not be optional. To help eliminate password recycling problems stemming from password fatigue, device manufacturers may develop or introduce password managers such as LastPass and 1Password.

New network management services are also emerging that monitor broadband traffic in the home and not only help consumers optimize device connection to the internet, but also help identify and prevent security attacks on the home network. Device manufacturers and service providers can partner with these companies that help keep customers and their data safe.

The Parks Associates report Supporting the Connected Consumer examines the support needs of consumers in the home and discusses the strategies and approaches of different companies attempting to support consumers in their journey with connected devices.